jwtk · lhazlewood · Oct 15, 2023 · Oct 15, 2023 · Oct 15, 2023 · Oct 15, 2023
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,14 @@
 ## Release Notes
 
+### 0.12.3
+
+This patch release:
+
+* Upgrades the `org.json` dependency to `20231013` to address that library's
+  [CVE-2023-5072](https://nvd.nist.gov/vuln/detail/CVE-2023-5072) vulnerability.
+* (Re-)enables empty values for custom claims, which was the behavior in <= 0.11.5. 
+  [Issue 858](https://github.com/jwtk/jjwt/issues/858).
+
 ### 0.12.2
 
 This is a follow-up release to finalize the work in 0.12.1 that tried to fix a reflection scope problem

diff --git a/pom.xml b/pom.xml
@@ -110,7 +110,7 @@
         <buildNumber>${user.name}-${maven.build.timestamp}</buildNumber>
 
         <jackson.version>2.12.7.1</jackson.version>
-        <orgjson.version>20230618</orgjson.version>
+        <orgjson.version>20231013</orgjson.version>
         <gson.version>2.9.0</gson.version>
 
         <maven.javadoc.additionalOptions />
@@ -677,6 +677,7 @@
             <properties>
                 <maven.jar.version>3.2.2</maven.jar.version>
                 <maven.compiler.version>3.8.1</maven.compiler.version>
+                <orgjson.version>20230618</orgjson.version>
                 <bcprov.artifactId>bcprov-jdk15to18</bcprov.artifactId>
                 <bcpkix.artifactId>bcpkix-jdk15to18</bcpkix.artifactId>
             </properties>